EH-NetCommunity Forums2013-01-18T15:48:44-05:00https://www.ethicalhacker.net/forums/feed.php?f=1012013-01-18T15:48:44-05:002013-01-18T15:48:44-05:00https://www.ethicalhacker.net/forums/viewtopic.php?t=9938&p=55484#p55484Statistics: Posted by lorddicranius — Fri Jan 18, 2013 3:48 pm
]]>2013-01-17T21:45:09-05:002013-01-17T21:45:09-05:00https://www.ethicalhacker.net/forums/viewtopic.php?t=9938&p=55468#p55468I thought I'd share with you the details of a new class written and taught by EH-Net Columnist, Georgia Weidman. It is 2 seperate courses, each 2 days in length. But you can do both back-to-back for only $995. That's 4 full days of mobile security for under a grand with no travel hassles or cost.

She hopes to do this on a continuing basis. The first run starts on Monday Jan 28.

2-day course is a stand-alone intro to securing mobile devices such as smartphones & tablets with practical recommendations that can immediately be put into practice inside your organization. Only $495!

In, Mobile Hacking 101, the first article in my new column on The Ethical Hacker Network, I felt it was appropriate to start from the beginning. Offer up a primer if you will to give the readers a brief synopsis of where we’ve been and where we’re heading in regards to smartphones, their security and their determined march into the enterprise. Now that the basics have been covered, it’s now time to start digging deeper into the technical aspects of smartphone security. The logical next step is to set the foundation of a mobile penetration testing lab and eventually enter the live testing phase. That’s where the Smartphone Pentest Framework (SPF) enters the picture. Being the developer of this project, I thought it might be interesting to give you a personal tour.

Often when I try to tell people about SPF, they naturally jump to the conclusion that this is a tool to let you run Nmap or Metasploit on a smartphone. While that is certainly cool, it's been done before. SPF takes the opposite angle. Instead of pentesting from a smartphone (though some attacks in SPF can be launched from an on-device app), our goal is to instead perform a pentest of the mobile devices themselves. As mobile devices are joining more corporate networks every single day, do organizations have a security standard in place? If so, is it being properly enforced? Even if it is, do the smartphones in the environment open you up to total compromise as they access internal networks with direct access to sensitive resources, receive and store sensitive emails, and a wide variety of other security red flags? For this reason, all mobile devices should be in your organizations’ penetration testing activities. Like Metasploit for network pen testing, SPF is a tool to help make it easier to pen test those pesky mobile devices.

As always, let us know what you think of these articles and if there's something specific you'd like Georgia to cover,Don

]]>2012-08-18T12:22:18-05:002012-08-18T12:22:18-05:00https://www.ethicalhacker.net/forums/viewtopic.php?t=9122&p=50756#p50756I'd also rather part with my wallet than my smartphone. I've even debated continuing to carry my old 3Gs as a decoy to discard should I ever get mugged.

That was a good intro article. I was also familiar with most of those topics, mostly from your PaulDotCom appearances, but I'm definitely looking forward to the more in-depth articles.